The vulnerability (CVE-2021-44790) can be exploited via a carefully crafted request body that can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
The developers of WordPress have pushed out a security-focused update that addresses four significant security flaws, including cross-site scripting (XSS) and SQL injection vulnerabilities.
According to a new report released by Chainalysis on cryptocurrency crime trends, $14 billion in cryptocurrency was sent to illicit addresses in 2021, nearly double the figure seen in 2020.
The security team of the U.K. NHS said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMware Horizon servers and plant web shells for future attacks.
Switzerland’s army has banned the use of WhatsApp whilst on duty, a spokesman confirmed Thursday, in favour of a Swiss messaging service deemed more secure in terms of data protection.
Finalsite claims to provide solutions for over 8,000 schools and universities. On Tuesday, Finalsite-based websites of school districts were found to be unreachable or were displaying errors.
Sotheby’s Brightcove account was breached by hackers who deployed a skimmer to pilfer payment card details from more than 100 of its luxury real estate websites.
Cybersecurity researchers claimed to have found over a thousand phishing toolkits that are able to hack two-factor authentication, allowing hackers to conduct sophisticated attacks on a target system. Oddly, most of the MitM phishing toolkits in use by attackers are based on tools developed by researchers themselves. Vulnerable organizations can […]
Java RMI services can be attacked through server-side request forgery (SSRF), according to a detailed analysis of the problem by security researcher Tobias Neitzel.
The company said it had detected an intrusion on some of its IT systems and it “promptly took action to contain it and implement business continuity and data recovery protocols.”